BLOG: Banking on the public cloud

When you go to the cloud, your data is in the hands of the provider. How can you protect your data though?

What do banks and the public cloud have in common? More than you might think. Let's use the concept of banking as we jump into the root of the public cloud debate.

Do you remember when you were a kid and your parents first walked you into a bank? It always felt like a magical palace where anything was possible. You had a little booklet where the teller marked your deposits, and a slip of paper could turn into money.

Now, the bank is truly magical in a different sense. Banks are still seen as the safe and secure alternative to storing your money under your mattress. But who knows where our actual money really is? All we know as consumers is that our cash and gold bars (wishful thinking) will be waiting for us whenever we decide that it's time.

We understand that the bank "takes care of our money" as the FDIC insured signage instills both confidence and comfort. If the bank goes out of business, you still get your money back - and the government guarantees it. It's not a perfect system, but it's a great example of how trust in an institution translates into material exchanges. And your mattress does not provide interest on any deposits.

Now, let's go back to those gold bars for a second. Banks offer another attractive service called safe deposit boxes. In this scenario, you take your most valuable items (see: birth certificates, family jewels, old childhood soccer trophies, whatever), and place them within the walls of the bank. Once this is secured, only yourself and any of your selected parties hold the necessary keys for access. There's also a secure process - you hold a key that the bank doesn't own, you need a specific ID to enter the facility, and activities are monitored up until the time you leave.

I'm guessing that you wouldn't want your worst enemy (or anyone else for that matter) to be given access to your safe deposit box. In fact, you wouldn't even want someone in the bank to have access.

A cloud safe-deposit box? Now let's switch that focus back to the public cloud. At the moment, many organizations have decided to put some of their data in a cloud environment, while still leaving the true "family jewels" of the business (i.e. customer information, HR policy forms, and credit card details) 'under their mattress', or in their data center. While they are not ready to fully embrace the cloud for everything, it is clear that moving to the cloud is the next step.

Now, let's think back to CSPs and banks for a second. Many CSPs have openly stated that they will not be responsible for the privacy of your data. What would happen if the bank told you that those safe deposit boxes weren't really that secure, or that protecting the jewels in their vaults actually was your own responsibility? Yikes! I wouldn't go near the place with a ten-foot pole!